vRealize Automation Ports

In this post I’ll describe the firewall ports required by the vRealize Automation appliance.

As a security best practice, configure incoming and outgoing ports for the vRealize Automation appliance according to VMware recommendations.


Incoming Ports

| Port | Protocol | Comments |
|---|---|---|
| 22 | TCP | Optional. Access for SSH sessions. |
| 80 | TCP | Optional. Redirects to 443. |
| 88 | TCP (UDP optional) | Cloud KDC Kerberos authentication from external mobile devices. |
| 443 | TCP | Access to the vRealize Automation console and API calls. Access for machines to download the guest agent and software bootstrap agent. Access for load balancer, browser. |
| 4369, 5671, 5672, 25672 | TCP | RabbitMQ messaging. |
| 5480 | TCP | Access to the virtual appliance management interface. Used by the Management Agent. |
| 5488, 5489 | TCP | Internally used by the vRealize Automation appliance for updates. |
| 8230, 8280, 8281, 8283 | TCP | Internal vRealize Orchestrator instance. |
| 8443 | TCP | Access for browser. Identity Manager administrator port over HTTPS. |
| 8444 | TCP | Console proxy communication for vSphere VMware Remote Console connections. |
| 8494 | TCP | Container service cluster sync. |
| 9300–9400 | TCP | Access for Identity Manager audits. |
| 54328 | UDP | |
| 40002, 40003 | TCP | vIDM cluster sync. |

Outgoing Ports

| Port | Protocol | Comments |
|---|---|---|
| 25, 587 | TCP, UDP | SMTP for sending outbound notification email. |
| 53 | TCP, UDP | DNS server. |
| 67, 68, 546, 547 | TCP, UDP | DHCP. |
| 80 | TCP | Optional. For fetching software updates. Updates can be downloaded separately and applied. |
| 88, 464, 135 | TCP, UDP | Domain controller. |
| 110, 995 | TCP, UDP | POP for receiving inbound notification email. |
| 143, 993 | TCP, UDP | IMAP for receiving inbound notification email. |
| 123 | TCP, UDP | Optional. For connecting directly to NTP instead of using host time. |
| 389 | TCP | Access to View Connection Server. |
| 389, 636, 3268, 3269 | TCP | Active Directory. Default ports shown, but they are configurable. |
| 443 | TCP | Communication with IaaS Manager Service and infrastructure endpoint hosts over HTTPS. Communication with the vRealize Automation software service over HTTPS. Access to the Identity Manager upgrade server. Access to View Connection Server. |
| 445 | TCP | Access to ThinApp repository for Identity Manager. |
| 902 | TCP | ESXi network file copy operations and VMware Remote Console connections. |
| 5050 | TCP | Optional. For communicating with vRealize Business for Cloud. |
| 5432 | TCP, UDP | Optional. For communicating with another appliance PostgreSQL database. |
| 5500 | TCP | RSA SecurID system. Default port shown, but it is configurable. |
| 8281 | TCP | Optional. For communicating with an external vRealize Orchestrator instance. |
| 8494 | TCP | Container service cluster sync. |
| 9300–9400 | TCP | Access for Identity Manager audits. |
| 54328 | UDP | |
| 40002, 40003 | TCP | vIDM cluster sync. |

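A port list like the two tables above is most useful when it is turned into a baseline that can be checked against what the appliance actually exposes. The following script is an added example written for this post, not VMware code: it transcribes the incoming-port table into a baseline, parses `ss -lntu` style output (the sample output below is constructed, not captured from a real appliance), and reports listeners that are not in the table at all, required entries with no listener, and optional entries (SSH, the port 80 redirect, Kerberos over UDP) that are open. Note that 5432 appears only in the outgoing table, so a PostgreSQL listener shows up as unexpected.

```python
"""Audit an appliance's listening sockets against the documented incoming-port baseline.

Added example: the baseline is transcribed from the incoming-port table on this page;
the `ss` output is constructed sample data, not captured from a real appliance.
"""
import re

# (port spec, protocol, optional?, purpose) transcribed from the incoming-port table.
# "88 TCP (UDP optional)" becomes one required TCP entry and one optional UDP entry.
BASELINE = [
    ("22", "tcp", True, "SSH sessions"),
    ("80", "tcp", True, "Redirects to 443"),
    ("88", "tcp", False, "Cloud KDC Kerberos authentication"),
    ("88", "udp", True, "Cloud KDC Kerberos authentication (UDP optional)"),
    ("443", "tcp", False, "Console, API, agent downloads, load balancer"),
    ("4369,5671,5672,25672", "tcp", False, "RabbitMQ messaging"),
    ("5480", "tcp", False, "Virtual appliance management interface"),
    ("5488,5489", "tcp", False, "Appliance updates (internal)"),
    ("8230,8280,8281,8283", "tcp", False, "Internal vRealize Orchestrator"),
    ("8443", "tcp", False, "Identity Manager administrator port"),
    ("8444", "tcp", False, "Console proxy for VMware Remote Console"),
    ("8494", "tcp", False, "Container service cluster sync"),
    ("9300-9400", "tcp", False, "Identity Manager audits"),
    ("54328", "udp", False, "Listed without a description"),
    ("40002,40003", "tcp", False, "vIDM cluster sync"),
]

# Constructed sample of `ss -lntu` output from a hypothetical host.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:5480       0.0.0.0:*
tcp   LISTEN 0      128    [::]:8443          [::]:*
tcp   LISTEN 0      128    0.0.0.0:9300       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:5432       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:54328      0.0.0.0:*
"""


def expand_ports(spec):
    """'5488,5489' -> {5488, 5489}; '9300-9400' -> every port in the range."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-")
            ports.update(range(int(lo), int(hi) + 1))
        else:
            ports.add(int(part))
    return ports


# Netid, State, Recv-Q, Send-Q, then Local Address:Port; the address may be IPv4, [::] or *.
SS_LINE = re.compile(r"^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s")


def parse_ss(text):
    """Return the set of (port, protocol) pairs that are listening or bound."""
    listeners = set()
    for line in text.splitlines():
        m = SS_LINE.match(line.strip())
        if m:
            listeners.add((int(m.group(3)), m.group(1)))
    return listeners


def audit(listeners):
    """Compare observed listeners with the baseline.

    Returns (unexpected, missing_required, optional_open):
      unexpected       - listening sockets not present in the incoming table at all
      missing_required - non-optional table entries with no listener on any of their ports
      optional_open    - optional entries (SSH, HTTP redirect, Kerberos/UDP) that are open
    """
    known = {}
    for spec, proto, optional, _ in BASELINE:
        for p in expand_ports(spec):
            known[(p, proto)] = optional
    unexpected = sorted(l for l in listeners if l not in known)
    optional_open = sorted(l for l in listeners if known.get(l) is True)
    missing_required = [
        f"{spec}/{proto}"
        for spec, proto, optional, _ in BASELINE
        if not optional and not any((p, proto) in listeners for p in expand_ports(spec))
    ]
    return unexpected, missing_required, optional_open


if __name__ == "__main__":
    unexpected, missing, optional_open = audit(parse_ss(SAMPLE_SS))
    print("unexpected listeners:", unexpected)        # [(5432, 'tcp')]
    print("required but not listening:", missing)
    print("optional ports open:", optional_open)      # [(22, 'tcp')]
```

Feed it real output with `ss -lntu` on the appliance (or over SSH) in place of `SAMPLE_SS`; a range entry such as 9300–9400 counts as satisfied when any port in the range is listening, so a single Identity Manager audit listener does not produce a hundred "missing" lines.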